Providing subversion access via https using Apache

1. How to setup access to Subversion via Apache using the https protocol

This article describes how to provide https access to a subversion repository using Apache.

2. Install apache and subversion packages

You'll need to install the svn module for apache. In ubuntu, install the packages "libapache2-svn", "subversion" and "apache2" using the following command as root:

root@turtle:~# apt-get install libapache2-svn subversion apache2
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following extra packages will be installed:
  apache2-mpm-worker apache2-utils apache2.2-bin apache2.2-common libapr1 libaprutil1 libaprutil1-dbd-sqlite3 libaprutil1-ldap libdb4.8 libneon27-gnutls libsvn1
Suggested packages:
  apache2-doc apache2-suexec apache2-suexec-custom db4.8-util subversion-tools
The following NEW packages will be installed:
  apache2 apache2-mpm-worker apache2-utils apache2.2-bin apache2.2-common libapache2-svn libapr1 libaprutil1 libaprutil1-dbd-sqlite3 libaprutil1-ldap libdb4.8 libneon27-gnutls
  libsvn1 subversion
0 upgraded, 14 newly installed, 0 to remove and 0 not upgraded.
Need to get 0 B/3,836 kB of archives.
After this operation, 10.8 MB of additional disk space will be used.
Do you want to continue [Y/n]? Y
Considering dependency dav for dav_svn:
Enabling module dav.
Enabling module dav_svn.

3. check mod_svn module is enabled

It should have been enabled as part of the install in the previous step.

root@turtle:~# a2enmod dav_svn
Considering dependency dav for dav_svn:
Module dav already enabled
Module dav_svn already enabled

4. Create subversion repository directory

Choose and create your repository directory. This is will grow as developers make commits to the repo. I've chosen /var/svn/com.magicmonster.example

root@turtle:~# mkdir -p /var/svn/com.magicmonster.example

5. Change ownership to the apache dav user

Apache will be reading and writing files to the repository, so change the ownership of the files. On ubuntu the default user and group for apache is 'www-data'.

root@turtle:~# chown www-data:www-data -R /var/svn/com.magicmonster.example

If you want to change the apache user, look in /etc/apache2/envvars.

6. Initialise the repo

Switch to the www-data user and create the repo.

root@turtle:~# sudo -u www-data -i svnadmin create /var/svn/com.magicmonster.example

7. Import an existing repository

This step is optional, but is useful if you are moving repositories and have created a backup.

Assuming the backup file was named backup.svndump, load it using the following command:

root@turtle:~# sudo -u www-data -i svnadmin load /var/svn/com.magicmonster.example < backup.svndump
<<< Started new transaction, based on original revision 1
     * adding path : pom.xml ... done.
     * adding path : src ... done.<
------- Committed revision 42 >>>

8. Add users

You can now add some users. You will be prompted for a password for each one. This will create the auth file /var/svn/com.magicmonster.example-auth. Note that the first command uses the -c switch to create the file. Subsequent commands will not need the switch.

root@turtle:~# htpasswd -cm /var/svn/com.magicmonster.example-auth developer1
New password:
Re-type new password:
Adding password for user developer1
root@turtle:~# htpasswd -m /var/svn/com.magicmonster.example-auth developer2
New password:
Re-type new password:
Adding password for user developer2

We have created subversion users developer1 and developer2 above. Remember the passwords used as these must be provided to the developers.

9. Check the directory

You should be able to see the auth file and also the subversion repository directory (which is owned by www-data).

root@turtle:/var/svn# ls -la
total 16
drwxr-xr-x  3 root     root     4096 Nov 26 23:39 .
drwxr-xr-x 15 root     root     4096 Nov 26 23:25 ..
drwxr-xr-x  6 www-data www-data 4096 Nov 26 23:30 com.magicmonster.example
-rw-r--r--  1 root     root       98 Nov 26 23:39 com.magicmonster.example-auth

10. Enable ssl in Apache

You'll need to enable either mod_ssl or mod_gnutls to support ssl. I've chosen mod_ssl.

root@turtle:~# a2enmod ssl
Enabling module ssl.
See /usr/share/doc/apache2.2-common/README.Debian.gz on how to configure SSL and create self-signed certificates.
To activate the new configuration, you need to run:
service apache2 restart

11. Add site configuration to Apache

The following apache site config assumes port 443 will be used, and assumes the default SSL certificate is sufficient. Create the document root and log directory:

root@turtle:~# mkdir -p /var/www/com.magicmonster.example
root@turtle:~# mkdir -p /var/log/apache2/com.magicmonster.example

Next create the file /etc/apache2/sites-available/ and add the following contents.

NameVirtualHost *:443
<VirtualHost *:443>

    SSLEngine On
    SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
    SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key

    <Location /com.magicmonster.example>
        DAV svn
        SVNPath /var/svn/com.magicmonster.example
        AuthType Basic
        AuthName "svn repo of com.magicmonster.example"
        AuthUserFile /var/svn/com.magicmonster.example-auth

    DocumentRoot /var/www/com.magicmonster.example

    ErrorLog /var/log/apache2/com.magicmonster.example/error.log

    # Possible values include: debug, info, notice, warn, error, crit,
    # alert, emerg.
    LogLevel warn

    CustomLog /var/log/apache2/com.magicmonster.example/access.log combined
    ServerSignature On

12. Enable the site in Apache

root@turtle:~# a2ensite
Enabling site
To activate the new configuration, you need to run:
  service apache2 reload

13. Reload Apache

Restart apache:

root@turtle:~# service apache2 restart
 * Restarting web server apache2

14. Subversion URL

Assuming you have setup DNS, you can now give the URL to developer1 and developer2.